Job Summary

• This role is responsible for security assessment of software solutions developed in the organization to ensure applications meet the necessary security requirements. The role is responsible for overall security objectives of the organization but mainly focusing on security testing of applications, creating final reports, following standard operating procedures, educate developers on security issues with the help of frameworks and tools. The role involves working closely with cross-functional teams to understand requirements, provide technical insights, and ensure the successful security assessment of projects.

Responsibilities

• Does Security testing of portions of web applications, API, thick client applications according to standard methodologies and application specific checklist with appropriate tools while maintaining the delivery timelines.

• Analyses found security issues for impact and rates the severity accordingly.

• Retests of previously found security issues and updates the tickets with relevant information.

• Creates feature specific checklist if required based on the business logic of the feature and test them against security requirements.

• Identifies opportunities for automation and improvement in tooling used by security team and development teams for security evaluation purposes.

• Keeps up to date with latest security issues and apply them in the current methodology wherever applicable.

• Delivers security sessions for developers as a part of security culture and compliance requirement.

• Participates as a part of the team to deliver on high quality security related initiatives for the organization and team.

• Collaborates and communicates with stakeholders regarding security issues, their status, project progress, and issue resolution.

• Develops security tools to automate and improve processes and increase efficiency of testing.

Education & Experience Recommended

• Four-year or Graduate Degree in Computer Science, Information Systems, or any other related discipline or commensurate work experience or demonstrated competence.

• Typically has 3-6 years of work experience in web/API application security testing.

Preferred Certifications

• OSCP/eJPT/eWPT/Burp Suite Certified Practitioner or equivalent (Not required but good to have)

Knowledge & Skills

• OWASP WSTG Methodology

• OWASP TOP 10

• OWASP API TOP 10

• Web Security Testing

• API Security Testing

• Burp Suite

• Burp Suite Plugins

• SQLmap

• nmap

• Kali Linux

• SSDLC in Modern App Development

• Agile Development process

• CI/CD Pipeline understanding.

• Java/Golang/Python (Programming Language)

• SonarQube or Veracode or equivalent tool

• Microservices

• Thick client security testing (good to have)

• Threat modelling (good to have)

• SQL (Programming Language)

• Amazon Web Services

Cross-Org Skills

• Effective Communication

• Proactive

• Self-learning

• Team player

• Learning Agility

• Minimal supervision

Impact & Scope

• Impacts immediate team and acts as an informed team member by providing analysis based on available information.

Complexity

• Responds to routine and ad-hoc requirements within established guidelines.

Disclaimer

• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Equal Opportunity Employer (EEO):

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).